In response to the guidelines put forth by the University in
the Harvard Enterprise Information Security Policy
and the findings of
a recent IT Governance audit by Harvard Risk Management and Audit Services, HSPH
must change our current password policy to meet the new requirements.
In early June, the HSPH Department of Information Technology will begin
mandating complex passwords for all HSPH systems.
Each user will be required to
reset their password to comply with new standards by June 30, 2010.
- Additionally, we will be rolling out a
new service that will allow you to reset your password 24-7-365 without having
to call the HSPH Helpdesk. To set up this self-service system, each user will
be required to establish three security challenge questions.
Beginning the first week of June, we will roll out the new requirements
department by department in an attempt to minimize the impact and enhance user
support. Each department administrator
will be notified of when the requirements will go into place for their
department. It should take users no longer than 5 minutes to make the required
For complete information on secure
passwords and screenshots outlining the process, please visit our internal document on secure passwords (PIN protected).